Drones have recently become one of the most important technological breakthroughs. They have opened the horizon for a vast array of applications and paved the way for a diversity of innovative solutions. Integrating drones with the Internet has led to the emergence of a new paradigm named the Internet of Drones (IoD). Several works dealt with the security of the IoD, and various surveys have been published on this topic over the past few years. The existing surveys either have limited scope or offer partial coverage of cybersecurity countermeasures. To address these gaps, in this paper, we provide a comprehensive survey related to the cyber and physical security of IoD. Differently from many surveys that only provide a classification of attacks/threats, we also propose three taxonomies that are related to (1) the assets of drones, (2) attacks, and (3) countermeasures. The first taxonomy is a two-level classification of the assets in the IoD. The first level considers the coarse-grained assets, which refer to the IoD's tangible elements, and the second level considers the fine-grained assets, which refer to the elements composing the coarse-grained assets. Based on the asset classification, we propose a taxonomy of attacks targeting the coarse and fine-grained assets, which allows a finer level of granularity to identify threats, and thus ensure better security. Also, we evaluate the risk of cyber and physical attacks by introducing a novel concept, named Chain of Impact, which connects four types of impacts, namely, Direct, Mission, Drone, and Environment. We propose a taxonomy of technical and non-technical countermeasures according to two implementation phases: Pre-incident, and Post-incident (or recovery). The pre-incident countermeasures are further classified as: preventive and detective. In addition, we present the countermeasures along with their performance and limitations. Finally, open research challenges are identified and ranked according to the level of attention they should receive from the research community. Also, future research directions and suggestions are presented for the security of the IoD.

无人机最近成为最重要的技术突破之一。它们为大量应用打开了视野，并为各种创新解决方案铺平了道路。将无人机与互联网相结合导致出现了一种名为无人机互联网 (IoD) 的新范式。有几部作品涉及 IoD 的安全性，并且在过去几年中已经发表了关于该主题的各种调查。现有调查要么范围有限，要么只覆盖部分网络安全对策。为了弥补这些差距，在本文中，我们提供了与 IoD 的网络和物理安全相关的综合调查。与许多仅提供攻击/威胁分类的调查不同，我们还提出了三种分类法，它们与 (1) 无人机的资产，(2) 攻击，(3) 对策。第一个分类法是 IoD 中资产的两级分类。第一层考虑粗粒度资产，指IoD的有形元素，第二层考虑细粒度资产，指构成粗粒度资产的元素。基于资产分类，我们提出了针对粗粒度和细粒度资产的攻击分类法，允许更细粒度的威胁识别，从而确保更好的安全性。此外，我们通过引入一个名为 第二层考虑细粒度资产，指的是组成粗粒度资产的元素。基于资产分类，我们提出了针对粗粒度和细粒度资产的攻击分类法，允许更细粒度的威胁识别，从而确保更好的安全性。此外，我们通过引入一个名为 第二层考虑细粒度资产，指的是组成粗粒度资产的元素。基于资产分类，我们提出了针对粗粒度和细粒度资产的攻击分类法，允许更细粒度的威胁识别，从而确保更好的安全性。此外，我们通过引入一个名为Chain of Impact，连接四种类型的影响，即Direct，Mission，Drone和Environment。我们根据两个实施阶段提出了技术和非技术对策的分类：事件前和事件后（或恢复）。事件前的对策进一步分为：预防性和检测性。此外，我们还介绍了对策及其性能和局限性。最后，确定开放性研究挑战，并根据它们应受到研究界的关注程度进行排序。此外，还针对 IoD 的安全性提出了未来的研究方向和建议。